This article describes how to integrate OneLogin with Umbrella.

How To Integrate OneLogin

Access your OneLogin developer account.
On the Administration page, go to Applications > Add App.
Find the AWS Cognito.
Set Umbrella (SAML) under the Display name (or any other name).
Add an icon and description (optional).
Click Save.
Go to Applications > Umbrella (SAML) > Configuration and enter the following:
- In SAML Consumer URL, set: https://mypileus.auth.us-east-1.amazoncognito.com/saml2/idpresponse
- In SAML Audience, set: urn:amazon:cognito:sp:us-east-1_Uv6ArNdSK
- In SAML Recipient URL, set the same URL as the consumer: https://mypileus.auth.us-east-1.amazoncognito.com/saml2/idpresponse
- In the Single Logout URL, set: https://mypileus.io/log_out
- In ACS URL Validator, set: https://mypileus.auth.us-east-1.amazoncognito.com/saml2/idpresponse
Click Save.
Go to Applications > Umbrella (SAML) > Users.
Add the relevant users (Users should already be registered to Umbrella).
Forward the following to complete the configuration on Umbrella's side to ([email protected]):
- Issuer URL (go to Applications > Umbrella (SAML) > SSO > Issuer URL).
- A list of all email domains.
After Umbrella completes the integration, we will provide you the URL value, Please enter it in OneLogin at:
- Go to Applications > Umbrella (SAML) > Configuration
- at the Login URL set the URL you received from Umbrella.

For controlling user creation in Umbrella -
As part of the SSO integration, follow the steps below to add users and management roles from the IDP (identity provider):

Navigate to the Applications > Umbrella (SAML) > Parameters.
Click on "+" icon.
Define the New field as follows and click on Save:

Navigate to the Applications > Umbrella (SAML) > Rules.
Click on Add Rule.
Define the condition based on your roles.
Under the Actions section, define the following:

ℹ️
you can find the role ID of a specific role on the Accounts > Roles & Users page.